Merge branch 'main' of https://github.com/RIT-SWEN-261-02/team-project-2245-swen-261-02-2b

1 files changed, 10 insertions, 3 deletions

diff --git a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
index 591d891..5a1a492 100644
--- a/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
+++ b/ufund-api/src/main/java/com/ufund/api/ufundapi/service/AuthService.java
@@ -1,5 +1,6 @@
 package com.ufund.api.ufundapi.service;
 
+import com.ufund.api.ufundapi.model.User;
 import com.ufund.api.ufundapi.model.UserAuth;
 import com.ufund.api.ufundapi.persistence.UserAuthDAO;
 import org.springframework.stereotype.Component;
@@ -20,13 +21,19 @@ public class AuthService {
     /**
      * Check if the provided key has access to the provided user.
      *
-     * @param username The username of the user trying to be accessed.
+     * @param targetUsername The targetUsername of the user trying to be accessed.
      * @param key The api key obtained by the client from logging in.
      * @throws IllegalAccessException Thrown if access was denied to the user.
      */
-    public void authenticate(String username, String key) throws IllegalAccessException, IOException {
+    public void authenticate(String targetUsername, String key) throws IllegalAccessException, IOException {
         var userAuth = userAuthDAO.getUserAuth(key);
-        if (userAuth == null || !userAuth.getUsername().equals(username)) {
+        if (userAuth == null) {
+            throw new IllegalAccessException("Unauthenticated");
+        }
+
+        var username = userAuth.getUsername();
+        var userType = userService.getUser(username).getType();
+        if (!username.equals(targetUsername) && userType != User.UserType.MANAGER) {
             throw new IllegalAccessException("Unauthorized");
         }
     }